Difference between revisions of "Workstation configuration"

From IridiaWiki
Line 45: Line 45:
 
164.15.10.255
 
164.15.10.255
 
|}
 
|}
  +
  +
  +
== Firewall configuration ==
  +
Since the computers are available through direct connections from internet you should protect your machine with a firewall.
  +
Linux provides an integrated mechanism for accepting or rejecting incoming packets.
  +
  +
If you want to setup a good firewall quickly, you may use the following link :
  +
[http://easyfwgen.morizot.net/gen/ link firewall script generator]
  +
  +
  +
'''How to generate the firewall script ?'''
  +
  +
  +
Usually, the interface to internet is eth0. You can check your available interfaces
  +
by typing (as root) :
  +
  +
''# ifconfig -a''
  +
  +
Most of the time, you wish to have an access to the computer, but you still want it
  +
to be secure. The best is to disable any inbound service except SSH. The SSH connections
  +
are encrypted so that you can safely access to the computer even if someone is tcpdumping
  +
your connection.
  +
  +
For the moment, I don't know how to use the Fireparse format. If you know about it
  +
just use it. Otherwise you'll have to take a look at the logs (''/var/log/syslog'') to
  +
monitor the possible network problems or attacks.
  +
  +
Now that you have all the necessary informations, you can generate the firewall script.
  +
Name this script ''iptables'', give it execution rights (''chmod u+x iptables'') and put it under the directory ''/etc/init.d/''.
  +
Be aware that the script loads some iptables modules in your kernel. If you have recompiled your kernel then you
  +
should ensure that the necessary modules are present. If you have statically linked the code to the kernel
  +
then you should remove the modprobe commands in the firewall's script.
  +
  +
Now simply add a symbolic link in the runlevel 2 to this script by typing (as root) :
  +
  +
''# ln -s /etc/rc2.d/S12iptables''
  +
  +
  +
You should adapt the number 12 to your needs. The firewall must be run as early as possible.
  +
For example if telnet services are run before it, an attack is still possible. Be careful about this.
  +
  +
If you want to understand more deeply iptables, you can check the following URLs :
  +
  +
[http://www.netfilter.org/ link Iptables official website]
  +
[http://iptables-tutorial.frozentux.net/iptables-tutorial.html link Iptables tutorial and explanations]
  +
[http://lea-linux.org/reseau/iptables.html link Setting up a firewall using iptables (in french)]
  +
   
 
== Printer configuration ==
 
== Printer configuration ==
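Review bot: the added `# ln -s /etc/rc2.d/S12iptables` command names only one path, so it would create a link called S12iptables in the current directory pointing at /etc/rc2.d/S12iptables instead of linking the script into runlevel 2, and the firewall would not start at boot. Since the text places the script at /etc/init.d/iptables, the command should read `ln -s /etc/init.d/iptables /etc/rc2.d/S12iptables`. The external links also carry a leading word "link" inside their labels, so they will render as "link firewall script generator" and so on; drop that word from each label.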

Revision as of 19:30, 24 October 2004

Network configuration

You should get a static IP from the system administrator. Your hostname will be the name of a famous scientist and the domain is iridia.ulb.ac.be. Other relevant addresses are:

| Description | IP address |
|---|---|
| Gateway | 164.15.10.254 |
| DNS1 | 134.184.250.7 |
| DNS2 | 134.184.15.13 |

You might also need to add the following data, although many systems set it automatically:

| Description | Value |
|---|---|
| Network | 164.15.10.0 |
| Netmask | 255.255.255.0 |
| Broadcast | 164.15.10.255 |


Firewall configuration

Since the computers are directly reachable from the Internet, you should protect your machine with a firewall. Linux provides an integrated mechanism for accepting or rejecting incoming packets.

If you want to set up a good firewall quickly, you can use the firewall script generator at http://easyfwgen.morizot.net/gen/


How to generate the firewall script?


Usually, the Internet-facing interface is eth0. You can check your available interfaces by typing (as root):

# ifconfig -a

Most of the time, you want to be able to reach the computer remotely while still keeping it secure. The best approach is to disable every inbound service except SSH. SSH connections are encrypted, so you can safely access the computer even if someone is capturing your traffic with tcpdump.
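The inbound policy described above, written out as an added example (not the output of the script generator and not code from this wiki). It assumes eth0 and SSH on TCP port 22 unless other values are passed; the function name and the log prefix are made up for the illustration.

```sh
#!/bin/sh
# Added example: emit an iptables-restore ruleset that drops every inbound
# connection except SSH. Assumed defaults: interface eth0, TCP port 22.

gen_ssh_only_rules() {
    iface=${1:-eth0}
    port=${2:-22}
    # Reject values that could inject extra rule text or widen the policy.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $iface -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# Review the text first, then load it as root:
#   gen_ssh_only_rules eth0 22 | iptables-restore
```

The default INPUT policy is DROP, so anything not matched by the loopback, established-connection or SSH rule is logged (rate-limited) and discarded.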

For the moment, I don't know how to use the Fireparse format. If you know about it, just use it. Otherwise you'll have to take a look at the logs (/var/log/syslog) to monitor possible network problems or attacks.
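One way to read those logs without Fireparse, as an added example that is not part of the original page: it relies only on the fields the kernel's netfilter LOG target writes (IN=, SRC=, PROTO=, DPT=). The sample lines, the fw-drop: prefix and the function name are constructed for the illustration.

```sh
#!/bin/sh
# Added example: count dropped inbound packets per source and destination port.
# SAMPLE_LOG is constructed; all addresses are documentation ranges.

SAMPLE_LOG='Oct 24 19:30:01 host kernel: fw-drop: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.20 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=23 SYN
Oct 24 19:30:04 host kernel: fw-drop: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.20 LEN=60 TTL=52 PROTO=TCP SPT=40113 DPT=23 SYN
Oct 24 19:30:09 host kernel: fw-drop: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.20 LEN=48 TTL=110 PROTO=TCP SPT=2301 DPT=445 SYN
Oct 24 19:31:10 host sshd[812]: Accepted publickey for alice from 192.0.2.10 port 51515 ssh2
Oct 24 19:32:40 host kernel: fw-drop: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.20 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0'

summarize_drops() {
    # $1: log file (default /var/log/syslog); "-" reads standard input.
    awk '
    /IN=[^ ]+ / && / SRC=/ {            # inbound netfilter LOG lines only
        src = dpt = proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
        }
        if (dpt == "") dpt = "-"        # ICMP and similar carry no port
        count[src " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "${1:-/var/log/syslog}" | sort -k1,1nr -k2
}

# Try it on the constructed sample:
#   printf '%s\n' "$SAMPLE_LOG" | summarize_drops -
```

Each output line is a count followed by the source address and protocol/port, most frequent first, so repeated probes against a closed port such as telnet stand out.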

Now that you have all the necessary information, you can generate the firewall script. Name this script iptables, give it execute permission (chmod u+x iptables) and put it in the directory /etc/init.d/. Be aware that the script loads some iptables modules into your kernel. If you have recompiled your kernel, make sure that the necessary modules are present. If you have compiled that code statically into the kernel, remove the modprobe commands from the firewall script.

Now add a symbolic link to this script in runlevel 2 by typing (as root):

# ln -s /etc/init.d/iptables /etc/rc2.d/S12iptables


You should adapt the number 12 to your needs. The firewall must start as early as possible. For example, if telnet services are started before it, an attack is still possible. Be careful about this.
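A check for the start order discussed above, as an added example that is not part of the original page. It assumes a SysV-style /etc/rc2.d in which S<NN><name> links are started in sorted order; the function name is made up for the illustration.

```sh
#!/bin/sh
# Added example: list the runlevel-2 start links that run before the firewall.
# Assumptions: SysV-style rc directory, firewall link named S<NN>iptables.

started_before_firewall() {
    rcdir=${1:-/etc/rc2.d}
    fw=${2:-iptables}
    fwlink=
    for f in "$rcdir"/S[0-9][0-9]"$fw"; do
        # -L also catches a dangling link left by a wrong ln -s command.
        [ -e "$f" ] || [ -L "$f" ] || continue
        fwlink=${f##*/}
        break
    done
    if [ -z "$fwlink" ]; then
        echo "no S??$fw link in $rcdir: firewall is not started" >&2
        return 2
    fi
    # The glob expands in sorted order, which is the order init uses.
    for f in "$rcdir"/S[0-9][0-9]*; do
        name=${f##*/}
        [ "$name" = "$fwlink" ] && break
        echo "$name"
    done
}

# Usage (as root or any user that can read the directory):
#   started_before_firewall /etc/rc2.d iptables
```

Any network-facing service in the output (inetd, telnet and the like) is reachable before the rules are loaded, which means the number in the link name should be lowered.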

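If you want to understand iptables in more depth, you can check the following URLs:

Iptables official website: http://www.netfilter.org/

Iptables tutorial and explanations: http://iptables-tutorial.frozentux.net/iptables-tutorial.html

Setting up a firewall using iptables (in French): http://lea-linux.org/reseau/iptables.html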


Printer configuration

| Name | URL | Model | Location |
|---|---|---|---|
| Gutenberg | gutenberg.ulb.ac.be | HP4100 | The seminar room |
| Meucci | meucci.ulb.ac.be | Ricoh Aficio 1290 | - |

The IRIDIA and the ULB network

The IRIDIA system administrator can create an account on the local subnet for you. However, if you want access to some of the university's computer services, you'll need an account on the university network as well. Ask the secretary for the forms and the process.

Mail configuration

Assuming that you have an account on both the local and the university network the mail settings are as follows:

| Service | URL |
|---|---|
| SMTP | smtp.ulb.ac.be |
| Iridia POP | iridia.ulb.ac.be |
| Iridia IMAP | iridia.ulb.ac.be |
| ULB POP | pop.ulb.ac.be |
| ULB IMAP | pop.ulb.ac.be |

The SMTP server does not require authentication. The POP and IMAP services of ULB accept insecure connections (no SSL). The POP and IMAP servers of Iridia require secure connections (with SSL).

There are also web interfaces for reading email if you cannot connect to the above servers via POP or IMAP:

| Server | URL |
|---|---|
| ULB | https://wwwdev.ulb.ac.be/webmail2/webmail.php |
| IRIDIA | https://iridia.ulb.ac.be/squirrelmail/ |